Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco 7960 VoIP behind ASA 5510 not recieving calls, but can make calls

Posted on 2010-11-15
4
Medium Priority
?
1,741 Views
Last Modified: 2013-12-27
I have an interesting problem with our ASA 5510. We have a few Cisco 7960 VoIP phones which can make calls but are unable to receive calls after a few hours.

My thought was that the ASA was causing an issue with SYN/ACK messages coming from the phones and being denied due to no matching SYN and causing half open connections on the phones until the phone can no longer receive any new connections. I've seen this happen in the logs before.

this was "fixed" with:
service resetinbound interface outside
service resetinbound interface inside

However, I'm not seeing any denied SYN/ACK messages now and the phones are having this issue. The only way I know to temporarily resolve it is to re-enter the dynamic nat configuration, and then the phones begin to work again.

The phones are configured for SIP, and are using our ISPs IPBX to register.
[Phone]---->[ASA]-------->[ISP IPBX]

I've attached the ASA config. If anyone has any input on this, it will be greatly appreciated.


0
Comment
Question by:aaronhebert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Assisted Solution

by:aaronhebert
aaronhebert earned 0 total points
ID: 34143159
ran debug sip and found the following message

SIP::Unable to open pinhole for NOTIFY message from 192.168.26.20 to 192.168.26.20/50195
0
 

Expert Comment

by:kunalpatel
ID: 34212746
Dont you have to run the phone-proxy for this to work ??

Check this out

https://supportforums.cisco.com/docs/DOC-5704

Cheers

Kunal
0
 

Accepted Solution

by:
aaronhebert earned 0 total points
ID: 34317570
Found out that inspecting SIP on ASAs will cause this issue.

Resolution:
Do not inspect SIP. Perform QoS based on Expedited Forward value.

From the IP header:
Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding; ECN: 0x00)

This problem exists because we use multiple VoIP vendors. Linksys and Cisco. Each use their own protocols. Cisco uses RTP over UDP, and Linksys uses straight UDP without any further encapsulation. matching for QoS by DSCP field has resolved this issue.
priority-queue outside
priority-queue inside
!
class-map global-voice-class
 match dscp ef
!
policy-map global-voice-policy
 class global-voice-class
  priority
!
service-policy global-voice-policy global

Open in new window

0
 

Author Closing Comment

by:aaronhebert
ID: 34358719
issue resolved
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question